[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2028
  • Last Modified:

The connection to the Microsoft Exchange Server is unavailable. Outlook must be online or connected to complete the action

Exchange 2010 on a 2003 domain

A user can connect using Outlook 2010 to his mailbox on an in-house machine, but when he vpn's in from his home computer he gets this error:

The connection to the Microsoft Exchange Server is unavailable. Outlook must be online or connected to complete the action

pinging the mail server works
the mail server name, both simple and full, is in the hosts file

he claims there is no firewall running on his home computer and previously, when his mailbox was on the old Exchange 2003 server, he could connect using outlook with no problem

Thanks for any help on this.
0
gateguard
Asked:
gateguard
  • 10
  • 5
  • 3
2 Solutions
 
MNH1966Commented:
Sounds like a packet fragmentation problem.
This article may put you on the right track: http://www.itsyourip.com/Windows/how-to-fix-exchange-outlook-connection-issues-over-ipsec-vpn/
This may also help analyze: http://forums.msexchange.org/m_1800398685/mpage_1/key_/tm.htm#1800398764
These kind of problems can be very difficult to troubleshoot. When searching, try Outlook MTU VPN as search terms.
0
 
gateguardAuthor Commented:
I don't think it's a fragmentation problem, unless a particular computer can have the problem.

This user just tried connecting with a laptop running 32bit XP and Outlook 2007 and got right on... from the same location... through the same router... over the same vpn connection.

The machine he can't connect from is a win7 64-bit running outlook2010 (though he gets this error just setting up the connection in Control Panel | Mail so I don't see how it can be an outlook problem).

I wonder if it's a 64-bit windows problem of some kind.
0
 
DaveCommented:
shouldn't be a 64-bit windows problem. More likely it can't find a dc to authticate against, I have had this when the authentication mthods were set wrongly in the mapi profile. compare with a working PC.

If not I wonder if you could give us more info. So why do you need the server address in the hosts file? Why doesn't he get DNS from the internal network when the VPN link comes up. Is it the Domain controllers it can't find. rather than the exchange server. If its VPN is the pc on the domain? Any issues with the pc's domain account. what vpn things do work? file share? printer share? have you disabled cached mode? Can the pc be tried in the office? does tcpview from live.sysinternals.com show anything? Are there any firewall logs to show blocked connections. Is the autodiscover service configured. is there an autodiscover url?


btw its a mapi connection problem and the mail icon in control panel is using the same MAPI DLL to connect as OUTLOOK.

sorry for all the questions.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
MNH1966Commented:
Actually, it's not necessarily a particular computer that can have fragmentation issues, but a particular network component can be the cause. I used to have a sitecom router at home that caused similar problems untill I upgraded the firmware. You could try setting up a vpn with this system from a different location or replace the router.
In any case, I still wouldn't rule out the VPN as the cause...
0
 
gateguardAuthor Commented:
I will have answers to the questions tomorrow.  I'm taking an office computer home with me tonight.
0
 
gateguardAuthor Commented:
I've conducted many tests now from 3 different locations (other people helping me) -- locations in different states and time zones, locations that all have different wireless/router hardware connecting to the internet.

The results are 100% consistent.

In all cases, the test is:

Run Office 2010 locally on the test computer, connect via VPN to the home office which hosts the Exchange 2010 Server.

These are the results:

32-bit XP ............... Success
32-bit Windows 7 ... Success
64-bit Windows 7 ... Fail

These results are absolutely consistent over several different machine types, wireless connection routers, wired routers, and vpn hardware firewalls.

It does not matter what you change, you get the same results.

Is it 64-bit Windows 7?  Yes?   Then it fails.

I am going to try to get my hands on a 64-bit XP machine to test with next.

0
 
gateguardAuthor Commented:
g4ugm:

Regarding some of your questions (didn't get to them all):

1. No need for the server address in the hosts file.  I was just "making sure".  But the 32-bit machines work without the server address in the hosts file.  And the 64-bit win7 fails with or without.

2. Most of the machines tested have already been joined to the domain but I have one 32-bit XP that in my home that is a desktop, never joined to the domain, and runs Outlook over vpn to Exchange 2010 without a problem.

3.  Everything else succeeds over the vpn connection.  File share, outlook connection to the old exchange 2003 server (using a different mailbox account, of course), everything.  To paraphrase Jules talking to The Wolf: The VPN is Tip Top.

4. Cached mode doesn't matter.  The failure happens on the "check name" screen.  You can check and uncheck cached mode all you want, when you hit that "check name" button you get the failure.

5.  I am in the office now, with a 64-bit Windows 7 machine (an HP HDX) that I took home last night to test, and it works fine on the LAN.  Runs outlook 2010, connects to exchange server 2010, email send, email receive, public folders, calendar, all of it, all good.

0
 
DaveCommented:
well sorry, but i am as puzzled as you are.

I can't see why outlook would be any different between x.64 and x.32

0
 
MNH1966Commented:
What VPN product do you use?
0
 
gateguardAuthor Commented:
I have ISA Server 2006 running at a home site and two remote sites (site-to-site vpn).

People who are outside either of those sites use windows new connection wizard, create a "workplace" vpn and then use that vpn connction to log in with their domain account.

It doesn't matter if you are at one of the remote sites (site-to-site vpn) or logging in on a temporary vpn connection from home (or starbucks, etc), the result is the same:

32-bit XP ............... Success
32-bit Windows 7 ... Success
64-bit Windows 7 ... Fail

Just as an example, I am including a screen shot of the vpn connection on my home computer, an XP machine that has no problem connecting to the exchange2010 over the vpn.


 Vpn connection.
0
 
gateguardAuthor Commented:
0
 
DaveCommented:
if you go into the mapi profile (the mail icon on control panel) , open the account settings, on the security tab, you can set the authentication to NTLM rather than kerberos if your DCs support it.

I know its not as secure....
0
 
gateguardAuthor Commented:
We previously had tried switching to NTLM but I tried it again, on your suggestion, just to be sure.

It did not affect the problem.  The problem is still the same.

I also tried forcing kerberos over tcp using http://support.microsoft.com/kb/244474, but it also did not affect the problem.

The problem is still the same.
0
 
MNH1966Commented:
Just a thought, but why not use Outlook Anywhere?
You have all the elements to make it a relatively easy setup...
0
 
gateguardAuthor Commented:
MNH1966:

Outlook Anywhere also fails.

I think it is a packet problem and I want to use your links to troubleshoot but they involve vpn-over-ipsec and I have vpn-over-ppp.

Should I switch to ipsec to fix this (on the ISA 2006 server)?
0
 
MNH1966Commented:
Although the article doesn't mention VPN explicitely, it won't hurt to try this:
http://support.microsoft.com/kb/913843

I'll see if I can find more. I wouldn't switch to IPSEC just yet. It can be pretty complicated, especially if you're not experienced in using certificates...
0
 
gateguardAuthor Commented:
MNH1966, that didn't work.

I actually have a support incident open with Microsoft on this and I will definitely post the results here.

I've been working with them for days on it and it looks to me (although they are not saying this yet) that Outlook 2010 64-bit over VPN (on ISA2006) to Exchange 2010 is incompatible.

Switching to Outlook 2010 32-bit definitely fixes the problem but there are purists who only want to run 64-bit programs on their 64-bit machines.

Anyway, I really appreciate all the help I received on this question and, like I said, I will be posting final results.

0
 
gateguardAuthor Commented:
Thanks for all your hellp.  I think the issue is isa2006 not supporting outlook2010 64-bit connections.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 10
  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now